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after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
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DETAILED ACTION 

Response to Arguments 

1 . In response to communications filed on 10/5/2005, for a request to continue examination, 
applicant amends claims 1-12, 14-18, 20-23, and adds claim 24. The following claims 1-12 and 
14-24 are presented for examination. 

2, Applicant's arguments, pages 8-17, filed on 10/5/2005, with respect to the rejection of 
claims 1-23 have been fully considered, but they are not persuasive. Regarding claim 1, 
applicant has amended the claimed digital data by adding digital data including document. Note 
that Applicant's claimed "digital data" is described in the disclosure (page 12, last paragraph) as 
"any data, which may be for example a shopping order list, a military command to fire a missile, 
or a contract". Applicant argues that the present invention is distinct from the prior art because 
the prior art does not display a document. Examiner respectfully disagrees. Wang discloses 
electronic transaction data that includes at least purchase transaction, bank transaction, library 
materials transaction, financial transactions, vendor/user transaction etc. (see column 1, lines 13- 
35) that meets the recitation of data including document as claimed in claim 1. Applicant adds 
that Wang does not teach displaying complete detail of the document. In response to applicant's 
argument that the references fail to show certain features of applicant's invention, it is noted that 
the features upon which appUcant relies (i.e., Wang does not teach displaying complete detail of 
the document) are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. See In 
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re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993), As mentioned above. 
Applicant's disclosure at the time the invention was made was not focusing on the type of data to 
be signed, but any digital data or document. With respect to claims 2, 3, 9, and 15-16, in 
response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co,, 800 F.2d 1091, 23 1 USPQ 375 (Fed. Cir. 1986). AppUcant has amended the 
claims to further Umit some of the claims. Upon further consideration, a new ground of rejection 
is made to claims 6-8. Other claims still remain rejected in view of the same references. 

Specification 

3. The amendment filed 3/9/2005 is objected to under 35 U.S.C. 132(a) because it 
introduces new matter into the disclosure. 35 U.S.C. 132(a) states that no amendment shall 
introduce new matter into the disclosure of the invention. The added material which is not 
supported by the original disclosure is as follows: "prevents the user from authorizing and 
digitally signing any data unless it is viewable on the trusted display", page 2 of 17 of the 
amendment. Applicant is required to cancel the new matter in the specification. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to enable any 
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person skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and use the same and shall set forth the best mode contemplated by the inventor of carrying out 
his invention. 

4.1 Claims 4, 5, and the intervening claims are rejected under 35 U.S.C. 1 12, first paragraph, 
as failing to comply with the written description requirement. The claim contains subject matter, 
which was not described in the specification in such a way as to reasonably convey to one skilled 
in the relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. AppUcant's disclosure fails to recite signed data is not transmitted external 
until said audit means audits the signing performed by said cryptographic engine and signed 
data is not displayed by said trusted display until said audit means audits the signing performed 
by said crvptographic engine . The specification, on the other hand, merely describes an audit log 
as information representative of the transactions performed by the PKPD. 



Claim Rejections - 35 USC §103 
5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 
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5. 1 Claims 1, 4-5, 10, 14, 17-23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent 5,917,913 to Wang in view of US Patent 6,092,202 to Veil et al. 

5.2 As per claim 1, Wang discloses a digital private key protection device, comprising a 
digital private key storage means containing a user's digital private key, for example (see column 
9, lines 5-20); a cryptographic engine, for example (see column 9, lines 1-6); a communications 
port for receiving digital data including a document from an external device, and for transmitting 
data to said external device, for example (see column 9, lines 20-40; column 1, lines 13-35); a 
display means for displaying said received digital data, for example (see column 10, line 65 
through column 11, 12); a user operable input means connected to said cryptographic engine to 
indicate when operated by said user their approval of said displayed received digital data, for 
example (see column 11, lines 14-41, column 10, lines 36-67); wherein said cryptographic 
engine for processing digital data and one or more digital keys is trusted to only apply said user's 
digital private key to sign said received data only if said user operable input means is operated 
and communicate said signed data external of said digital private key protection device, for 
example (see column 1 1, lines 33-62 and column 4, lines 40-65). Wang does not explicitly 
disclose a trusted display. Veil et al in an analogous art discloses a trusted display for displaying 
true transaction information (see abstract). Veil et al discloses that the present invention 
displays transaction information that has been authenticated as true transaction information; and 
the trusted display can optionally be separate so that the user can visually see a conflict between 
a correct and false transaction and alerts user to a possible tampering or attack (column 7, line 50 
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through column 8, Une 33). Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the display of Wang to provide the user with a 
trusted display that displays transaction information that has been authenticated as true 
transaction information; and the trusted display can optionally be separate so that the user can 
visually see a conflict between a correct and false transaction and alerts user to a possible 
tampering or attack as taught by Veil et al. One of ordinary skill in the art would have been lead 
to make such a modification to guarantee that a transaction displayed represents the true 
information as suggested by Veil et ai (column 7, line 50 through column 8, Une 33). 

As per claim 4, Wang discloses the Hmitation of an audit means meets the recitation of 
wherein signed data is not transmitted external of said digital private key protection device until 
said audit means audits the signing performed by said cryptographic engine, for example (see 
column 7, lines 1-17 and column 12, Hnes 35-50; column 4, lines 40-55). Want discloses a 
means of recording all transaction approvals so that is able to know when transaction has been 
approved, how many times it has been approved, duplicate transaction approval data, etc. 

As per claim 5, Wang discloses the limitation of an audit means that meets the recitation 
of wherein signed data is not displayed until a said encryption process is audited by said audit 
means, for example (see column 7, lines 1-17 and column 12, lines 35-50). 

As per claim 10, Wang discloses the hmitation of wherein said cryptographic engine is 
trusted to decrypt digital data using said user's digital private key and passing decrypted digital 
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data to said display means for display of said received digital data, for example (see column 7, 
lines 42-61). 

As per claim 14, Veil et al discloses wherein said digital private key storage means also 
contains a digital shared secret symmetric key wherein said cryptographic engine is trusted to 
only apply said digital shared secret symmetric key to encrypt data only if said user operable 
input means is operated and also trusted to communicate said encrypted data external of said 
digital private key protection device (column 5, line 55 through column 6, line 16 and column 
11, line 29-67). Veil et al discloses a user PIN to unlock the private key and authorizes use of 
sensitive data if verified that meets the recitation of user operable input means. Wang also 
discloses another input means using a switch. Therefore, claim 14 is rejected on the same 
rationale as the rejection of claim 1. 

As per claims 17-21, the combination of Wang and Veil et al discloses the Umitation of 
wherein said trusted display means is external to said device and controlled by said device for 
displaying data transmitted from said communications port in a trusted manner wherein said 
digital private key storage means is removable from said device (see Veil, column 7, lines 58-60 
and drawings); wherein said user operable input means is external to said device and controlled 
by said device to be actuated by said user in a predetermined manner; further comprising 
identification and authentication means actuated by said user in a predetermined manner; an 
audit means which audits said actuation of said user operable input means (Wang, column 4, 
lines 40-67 and column 10, line 55 through column 1 1). 
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As per claims 22-23, the combination of Wang and Veil et al discloses a digital private 
key protection device according to claim 1, wherein a cryptographic request is received from 
said external device according to a predetermined application programming interface, such that 
the request is performed by said digital private key protection device using the user's private or 
other keys as identified by the request, but excluding any private keys associated with the private 
key protection device with the result being transmitted to said external device or a predetermined 
destination included in said request or otherwise predetermined, wherein said device displays a 
description of said request to the user and, only if the user operates said user operable input 
means, does said device carry out said request (Wang, column 1 1, lines 33-67 and Veil, column 
7, line 35 through column 8, line 33 ). 

As per claim 24, the combination of Wang and Veil et al discloses a digital private key 
protection device according to claim 1, wherein the digital key storage is adapted to allow 
removal of the user's digital keys from the digital key protection device (see Veil et al, column 
6, lines 8-34). Therefore, claim 24 is rejected on the same rationale as the rejection of claim 1 . 

6. Claims 2, 3, 9, and 15-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 5,917,913 to Wang in view of US Patent 6,092,202 to Veil et al as applied to claim 1 
and further in view of Bruce Schneier, Applied Cryptography, 1996, John Wiley & Sons, 
Second Edition, Pages 43-44. 
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6.1 As per claims 2, 3, 9, and 15-16, Wang substantially teaches the claimed method of 
claim 1 and discloses that the invention is not limited to any encryption scheme, for example (see 
column 5, lines 35-50), Wang discloses that the received data can be encrypted using a trusted 
public and private key, for example (see column 7, lines 18-67). Veil et al discloses proving 
electronic transactions performed by a cardholder and discloses verifying whether a user is 
authorized to conduct a transaction to prevent repudiation (column 1 1, line 45 through column 
12, line 14 and columns 5-6); and further discloses a trusted display for verification of 
transaction information as discussed above in claim 1. Veil et al discloses transaction data 
including a certificate created using a user's private key (column 1 1, lines 22-45). The Umitation 
of received data that includes instructions to determine which protocol to use to communicate or 
keys to use for encryption is well known in packet processing and can be also found in Schneier 
textbook. Neither of the references exphcitly teaches validating signature of a user's public key 
from a plurality of public keys and decrypts data using the verified public key. Schneier in an 
analogous art teaches a key certification authority wherein the users' public keys are signed with 
a trusted private key to prevent attack against public key, for example (see pages 43, 62-64); and 
further discloses validating signature of said user's public key with said trusted public key to 
determine the veracity of said user's public key and then decrypts said received data using said 
verified predetermined user's public key, for example (see pages 43, 62-64). Therefore, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the method as combined above to store user's public keys and have the public keys 
signed by a trusted private key using public/private key pairs as taught by Schneier. This 
modification would have been obvious because one skilled in the art would have been motivated 
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by the suggestions provided by Schneier to have a card that can be used by more than one user 
and prevent attack against public key and prevents users from repudiation as it proves proof of 
user's participation. 

7. Claims 11-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
5,917,913 to Wang in view of US Patent 6,092,202 to Veil et al as applied to claim 1 and further 
in view of US Patent 5,742,756 to Dillaway et al. 

7. 1 As per claim 11-13, Wang discloses a user may activate a button to create a transaction 
approval and message encrypted or decrypted to be transmitted unless said user operable input 
means is operated (column 11, lines 40-55). Veil et al discloses encryption decryption of 
transaction and further discloses sensitive data remains resident in protected device (column 11, 
lines 1-8). Neither of the references explicitly states decrypted information is not released 
external to said device unless said user operable input means is operated. Dillaway et al in an 
analogous art teaches security and authentication and digital signature performed by a smart card 
and discloses to provide a higher degree of security users can be required to provide password or 
wait for user presence signal before performing any security critical operations (column 5, line 
50 through column 6, line 30). Transmitting decrypting information outside of the card is a 
security critical operation to one skilled in the art. Therefore, it would have been obvious to one 
of ordinary skill in the art at the time the invention was made to modify the method as combined 
above to activate the approval button of Wang before decrypted information is released external 
to said device to confirm the presence of the user as taught by Dillaway et al. One of ordinary 
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skill in the art would have been lead to make such a modification to confirm the presence of the 
user before performing a security critical operation as suggested by Dillaway et al (column 5, 
line 50 through column 6, line 30). 

8. Claims 6-8 is rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
5,917,913 to Wang in viev^ of US Patent 6,092,202 to Veil et al as applied to claim 1 and further 
in view of US Patent 6,408,388 Fisher. 

As per claim 6, both references disclose the claimed method of claim 1. Neither of the 
references discloses multiple signatures. However, Fisher in an analogous art discloses a 
method of ensuring that both the device producing the signature and the user signing the digital 
data can be trusted by performing multiple signatures wherein data is signed with the user's 
private key and is further signed with the device private key and further signing the data with the 
user's private key (column 6, lines 25-40 and column 8, lines 10-21). Therefore, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
method as combined above to store a digital private key of the device wherein digital data signed 
by the protection device is further signed by the private key of the protection device as taught by 
Fisher. One of ordinary skill in the art would have been lead to make such a modification 
because the implementation of multiple signature provides further security and trust such that 
both the device producing the signature and the entity can be trusted and validated as the data is 
signed twice with the device's key and the user's or authority's key as suggested by Fisher 
(column 6, lines 25-40). 
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As per claims 7-8, Veil et al discloses use of public/private key pair for decrypting data 
that has been encrypted at the other end using the corresponding public or private key from the 
key pair (column 5, lines 48 through column 6, Une 16 and discloses trusted display for 
verification (claim 1). Fisher discloses verification of signature signed by a private key using 
public key (column 6, line 25 through column 7, line 7). Therefore, claims 7-8 are rejected on 
the same rationale as the rejection of claims 1 and 6. 

Conclusion 

9. The prior art made of record and not reUed upon is considered pertinent to applicant's 
disclosure as the art protection device to protect private keys of users and several cryptographic 
schemes to verify signatures and key used. Many of the claimed features are disclosed in these 
references. 

US Patents: 4,529,870 Chaum;; 4,731,842 Smith; 6,212,635 Reardon; 
6,484,260 Scott etal; 6,018,724 Arent; 6,507,909 Zurko et al. 

9. 1 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl CoUn whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795, The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 



Application/Control Number: 09/856,813 



Page 13 



Art Unit: 2136 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



December 21, 2005 



Patent Examiner 



Carl CoUn 




